244151
|
4.3 |
MEDIUM
|
cisco
|
ios
|
The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.
|
CWE-399
Resource Management Errors
|
CVE-2012-5039
|
2014-04-24 01:44 |
2014-04-23 |
|
244152
|
4.6 |
MEDIUM
|
cisco
|
ios catalyst_6500 catalyst_7600
|
The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5037
|
2014-04-24 01:38 |
2014-04-23 |
|
244153
|
6.8 |
MEDIUM
|
cisco
|
ios
|
Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.
|
CWE-399
Resource Management Errors
|
CVE-2012-5036
|
2014-04-24 01:31 |
2014-04-23 |
|
244154
|
6.4 |
MEDIUM
|
cisco
|
ios
|
The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN tr…
|
CWE-287
Improper Authentication
|
CVE-2012-5032
|
2014-04-24 00:41 |
2014-04-23 |
|
244155
|
6.3 |
MEDIUM
|
cisco
|
ios
|
Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (…
|
NVD-CWE-noinfo
|
CVE-2012-5014
|
2014-04-24 00:18 |
2014-04-23 |
|
244156
|
5.0 |
MEDIUM
|
cisco
|
ios
|
The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated …
|
CWE-287
Improper Authentication
|
CVE-2012-4658
|
2014-04-24 00:13 |
2014-04-23 |
|
244157
|
4.3 |
MEDIUM
|
cisco
|
ios
|
Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Towe…
|
CWE-189
Numeric Errors
|
CVE-2012-4651
|
2014-04-23 23:58 |
2014-04-23 |
|
244158
|
4.9 |
MEDIUM
|
cisco
|
ios
|
Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318.
|
NVD-CWE-noinfo
|
CVE-2012-4638
|
2014-04-23 23:54 |
2014-04-23 |
|
244159
|
4.3 |
MEDIUM
|
cisco
|
ios catalyst_2900 catalyst_2900_vlan catalyst_2900xl
|
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certa…
|
NVD-CWE-noinfo
|
CVE-2012-3918
|
2014-04-23 23:42 |
2014-04-23 |
|
244160
|
5.7 |
MEDIUM
|
cisco
|
ios
|
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a ne…
|
CWE-20
Improper Input Validation
|
CVE-2012-3062
|
2014-04-23 23:35 |
2014-04-23 |
|
244161
|
4.3 |
MEDIUM
|
vasthtml
|
forumpress
|
Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2012-6623
|
2014-04-23 23:35 |
2014-01-17 |
|
244162
|
7.2 |
HIGH
|
ruckuswireless
|
zoneflex_2942__firmware zoneflex_2942
|
Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5030
|
2014-04-23 23:26 |
2013-10-16 |
|
244163
|
5.4 |
MEDIUM
|
cisco
|
ios
|
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.
|
CWE-119
Buffer Errors
|
CVE-2012-1317
|
2014-04-23 23:21 |
2014-04-23 |
|
244164
|
5.0 |
MEDIUM
|
cisco
|
ios
|
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.
|
CWE-399
Resource Management Errors
|
CVE-2012-0360
|
2014-04-23 23:18 |
2014-04-23 |
|
244165
|
4.3 |
MEDIUM
|
siege
|
phpmyid
|
Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.con…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-2890
|
2014-04-23 22:37 |
2014-04-22 |
|
244166
|
6.8 |
MEDIUM
|
carbonblack
|
carbon_black
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative …
|
CWE-352
Same-Origin Policy Violation
|
CVE-2014-1615
|
2014-04-23 21:36 |
2014-04-22 |
|
244167
|
3.3 |
LOW
|
freedesktop
|
poppler
|
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on tem…
|
CWE-59
Link Following
|
CVE-2013-4472
|
2014-04-23 21:20 |
2014-04-22 |
|
244168
|
6.4 |
MEDIUM
|
vtiger
|
vtiger_crm
|
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPa…
|
CWE-20
Improper Input Validation
|
CVE-2014-2269
|
2014-04-23 01:31 |
2014-04-22 |
|
244169
|
5.8 |
MEDIUM
|
eduserv
|
openathens_service_provider
|
Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."
|
CWE-287
Improper Authentication
|
CVE-2012-5353
|
2014-04-23 01:29 |
2012-10-10 |
|
244170
|
7.5 |
HIGH
|
fitnesse
|
fitnesse_wiki
|
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
|
NVD-CWE-Other
|
CVE-2014-1216
|
2014-04-23 01:24 |
2014-04-22 |
|
244171
|
7.5 |
HIGH
|
fitnesse
|
fitnesse_wiki
|
Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2014-1216
|
2014-04-23 01:24 |
2014-04-22 |
|
244172
|
6.4 |
MEDIUM
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which all…
|
CWE-20
Improper Input Validation
|
CVE-2014-2922
|
2014-04-23 00:06 |
2014-04-22 |
|
244173
|
7.5 |
HIGH
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, w…
|
CWE-94
Code Injection
|
CVE-2014-2921
|
2014-04-23 00:04 |
2014-04-22 |
|
244174
|
5.0 |
MEDIUM
|
cisco
|
cns_network_registrar
|
The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437.
|
CWE-20
Improper Input Validation
|
CVE-2014-2155
|
2014-04-22 04:59 |
2014-04-20 |
|
244175
|
5.0 |
MEDIUM
|
siemens
|
sinema_server
|
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.
|
CWE-20
Improper Input Validation
|
CVE-2014-2733
|
2014-04-22 04:31 |
2014-04-20 |
|
244176
|
9.3 |
HIGH
|
siemens
|
sinema_server
|
Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.
|
NVD-CWE-noinfo
|
CVE-2014-2731
|
2014-04-22 04:28 |
2014-04-20 |
|
244177
|
6.8 |
MEDIUM
|
toshibatec
|
e-studio-232 e-studio-233 e-studio-282 e-studio-283
|
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authen…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2014-1990
|
2014-04-22 04:23 |
2014-04-20 |
|
244178
|
5.0 |
MEDIUM
|
progea
|
movicon
|
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.
|
CWE-200
Information Exposure
|
CVE-2014-0778
|
2014-04-22 03:50 |
2014-04-20 |
|
244179
|
4.9 |
MEDIUM
|
remote-rac
|
rac_server
|
PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys, which tr…
|
CWE-20
Improper Input Validation
|
CVE-2014-2597
|
2014-04-22 03:15 |
2014-04-19 |
|
244180
|
4.3 |
MEDIUM
|
digium
|
asterisk
|
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS requ…
|
CWE-20
Improper Input Validation
|
CVE-2014-2288
|
2014-04-22 02:50 |
2014-04-19 |
|
244181
|
3.5 |
LOW
|
digium
|
asterisk
|
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request witho…
|
CWE-20
Improper Input Validation
|
CVE-2014-2289
|
2014-04-22 02:50 |
2014-04-19 |
|
244182
|
3.5 |
LOW
|
digium fedoraproject
|
certified_asterisk asterisk fedora
|
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when c…
|
CWE-20
Improper Input Validation
|
CVE-2014-2287
|
2014-04-22 02:37 |
2014-04-19 |
|
244183
|
7.5 |
HIGH
|
digium fedoraproject
|
asterisk fedora certified_asterisk
|
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote a…
|
CWE-20
Improper Input Validation
|
CVE-2014-2286
|
2014-04-22 02:20 |
2014-04-19 |
|
244184
|
3.5 |
LOW
|
f-secure
|
secure_messaging_secure_gateway
|
Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new par…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-2844
|
2014-04-22 00:08 |
2014-04-18 |
|
244185
|
7.5 |
HIGH
|
f-secure
|
anti-virus email_and_server_security server_security
|
SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Ant…
|
CWE-89
SQL Injection
|
CVE-2013-7369
|
2014-04-21 23:49 |
2014-04-18 |
|
244186
|
5.8 |
MEDIUM
|
kokuyo
|
camiapp
|
The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1986
|
2014-04-19 13:48 |
2014-04-16 |
|
244187
|
7.8 |
HIGH
|
lightwitch prosody
|
metronome prosody
|
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cau…
|
CWE-20
Improper Input Validation
|
CVE-2014-2744
|
2014-04-19 13:48 |
2014-04-11 |
|
244188
|
7.8 |
HIGH
|
prosody
|
prosody
|
Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream,…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2745
|
2014-04-19 13:48 |
2014-04-11 |
|
244189
|
5.0 |
MEDIUM
|
juniper
|
junos srx100 srx110 srx210 srx220 srx240 srx550 srx650
|
Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when …
|
NVD-CWE-noinfo
|
CVE-2014-0612
|
2014-04-19 13:46 |
2014-04-15 |
|
244190
|
5.0 |
MEDIUM
|
wireshark
|
wireshark
|
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote atta…
|
CWE-20
Improper Input Validation
|
CVE-2013-7112
|
2014-04-19 13:45 |
2013-12-20 |
|
244191
|
5.0 |
MEDIUM
|
wireshark
|
wireshark
|
Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote …
|
CWE-119
Buffer Errors
|
CVE-2013-7114
|
2014-04-19 13:45 |
2013-12-20 |
|
244192
|
4.3 |
MEDIUM
|
reviewboard
|
review_board
|
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arb…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2013-2209
|
2014-04-19 13:35 |
2013-07-31 |
|
244193
|
1.9 |
LOW
|
xen
|
xen
|
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hyp…
|
CWE-20
Improper Input Validation
|
CVE-2013-1917
|
2014-04-19 13:34 |
2013-05-14 |
|
244194
|
4.7 |
MEDIUM
|
xen
|
xen
|
Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table tra…
|
CWE-119
Buffer Errors
|
CVE-2013-1918
|
2014-04-19 13:34 |
2013-05-14 |
|
244195
|
4.7 |
MEDIUM
|
xen
|
xen
|
Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1919
|
2014-04-19 13:34 |
2013-05-14 |
|
244196
|
6.1 |
MEDIUM
|
xen
|
xen
|
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause …
|
CWE-16
Configuration
|
CVE-2012-5634
|
2014-04-19 13:28 |
2013-02-15 |
|
244197
|
5.0 |
MEDIUM
|
net-snmp
|
net-snmp
|
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous…
|
CWE-20
Improper Input Validation
|
CVE-2014-2310
|
2014-04-19 00:52 |
2014-04-17 |
|
244198
|
6.8 |
MEDIUM
|
amos_benari
|
rbovirt
|
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
|
CWE-310
Cryptographic Issues
|
CVE-2014-0036
|
2014-04-18 22:48 |
2014-04-17 |
|
244199
|
6.4 |
MEDIUM
|
redhat
|
openstack
|
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0071
|
2014-04-18 01:00 |
2014-04-17 |
|
244200
|
4.7 |
MEDIUM
|
emc
|
cloud_tiering_appliance_software cloud_tiering_appliance file_management_appliance_software file_management_appliance
|
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-depen…
|
CWE-255
Credentials Management
|
CVE-2014-0645
|
2014-04-18 00:10 |
2014-04-17 |
|